Have you ever received an email notification from your favorite website that looks like it’s from them, but something just seems a little bit off? It’s possible that you may have been the victim of an email spoofing attack. Email spoofing is when a hacker sends a fake email notification to someone, in order to try and steal their personal information or login credentials. In this blog post, we will show you how to spot a fake email notification, so that you can protect yourself against these types of attacks.
Why do I get these emails? Have I been hacked?
This is one of the most common questions we answer. Just because you’re getting scam attempts doesn’t mean you’ve been compromised. In a majority of cases, you’re getting these notifications because someone else was compromised and your email address was in their contact list.
Here are some easy ways to identify fake email notifications.
Spoofed Subdomains
Let’s take Facebook, for example. Its domain is facebook.com. Phishers, though, will use a spoofed subdomain so the fake notification might come from a site like facebook[.]123abc[.]com. Many people won’t notice the discrepancy and will click through anyway.
There’s another component to this, too. Many scammers have become very proficient in spoofing legitimate sites to the point that, after clicking through, the spoofed site is almost identical to the legitimate site you thought you were going to visit. It is so well done that you won’t notice, and you’ll enter your credentials anyway, compromising your account.
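The subdomain check described above can be automated. The following is an added example, not code from the original post: it reads a link's hostname from right to left and accepts it only if it is the brand's own domain or a true subdomain of it. The KNOWN_BRANDS table and the function names are assumptions made for illustration; only facebook.com and facebook[.]123abc[.]com come from the post.

```python
from urllib.parse import urlsplit

# Assumption: brand keyword -> the domain that brand really uses.
# Only facebook.com is taken from the post; extend this for your own services.
KNOWN_BRANDS = {"facebook": "facebook.com"}


def hostname_of(link: str) -> str:
    """Return the lower-cased hostname of a link, accepting defanged '[.]' notation."""
    link = link.strip().replace("[.]", ".")
    if "://" not in link:
        link = "//" + link  # lets urlsplit treat a bare host as the network location
    host = urlsplit(link).hostname or ""
    return host.rstrip(".").lower()


def belongs_to(host: str, domain: str) -> bool:
    """True only if host is the domain itself or a real subdomain of it.

    The leading dot matters: 'notfacebook.com' ends with 'facebook.com'
    but is a different registration.
    """
    return host == domain or host.endswith("." + domain)


def check_link(link: str) -> str:
    """Classify a link as 'genuine', 'lookalike', 'unknown' or 'unparseable'."""
    host = hostname_of(link)
    if not host:
        return "unparseable"
    for brand, domain in KNOWN_BRANDS.items():
        if belongs_to(host, domain):
            return "genuine"
        if brand in host:
            # The brand name appears, but the host is not under the brand's domain.
            return "lookalike"
    return "unknown"


if __name__ == "__main__":
    # Constructed sample links; the second is the defanged example from the post.
    for sample in ("https://www.facebook.com/login",
                   "facebook[.]123abc[.]com",
                   "http://facebook.com.123abc.com/recover",
                   "https://example.org/"):
        print(f"{check_link(sample):10} {sample}")
```

A result of "unknown" only means no listed brand name appears in the hostname; it is not a verdict that the link is safe.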
Common Formatting Flaws
Many phishing scams are run by foreign entities, so it’s quite common for notifications to arrive with strange flaws and grammatical errors.
Fake Signatures
Let’s use Facebook as our example again. If you were to ever get a Facebook notification from the Zuck himself, that should be a huge red flag that something’s not right.
So, what can you do about phishing scams?
Of course, you can always report phishing scams within your email client. This helps send data to your email host so they can better combat phishing attempts in the future.
The best thing you can do is engage in security awareness training. This training gives you skills to be able to identify scam attempts and keep you and your organization safe.